package com.gentics.mesh.auth;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.AuthHandler;
import io.vertx.ext.web.handler.impl.AuthHandlerImpl;
import io.vertx.ext.web.handler.impl.HttpStatusException;
import java.util.HashSet;
import java.util.Set;

/* loaded from: input_file:com/gentics/mesh/auth/MeshOAuth2AuthHandlerImpl.class */
public class MeshOAuth2AuthHandlerImpl extends AuthHandlerImpl {
    public static final HttpStatusException FORBIDDEN = new HttpStatusException(403);
    public static final HttpStatusException UNAUTHORIZED = new HttpStatusException(401);
    public static final HttpStatusException BAD_REQUEST = new HttpStatusException(400);
    private final Set<String> scopes;
    protected final Type type;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/gentics/mesh/auth/MeshOAuth2AuthHandlerImpl$Type.class */
    public enum Type {
        BEARER("Bearer");

        private final String label;

        Type(String str) {
            this.label = str;
        }

        public boolean is(String str) {
            return this.label.equalsIgnoreCase(str);
        }
    }

    public MeshOAuth2AuthHandlerImpl(AuthProvider authProvider) {
        super(verifyProvider(authProvider));
        this.scopes = new HashSet();
        this.type = Type.BEARER;
    }

    protected final void parseAuthorization(RoutingContext routingContext, boolean z, Handler<AsyncResult<String>> handler) {
        String str = routingContext.request().headers().get(HttpHeaders.AUTHORIZATION);
        if (str == null) {
            if (z) {
                handler.handle(Future.succeededFuture());
                return;
            } else {
                handler.handle(Future.failedFuture(UNAUTHORIZED));
                return;
            }
        }
        try {
            int indexOf = str.indexOf(32);
            if (indexOf <= 0) {
                handler.handle(Future.failedFuture(BAD_REQUEST));
            } else if (this.type.is(str.substring(0, indexOf))) {
                handler.handle(Future.succeededFuture(str.substring(indexOf + 1)));
            } else {
                handler.handle(Future.failedFuture(UNAUTHORIZED));
            }
        } catch (RuntimeException e) {
            handler.handle(Future.failedFuture(e));
        }
    }

    private static AuthProvider verifyProvider(AuthProvider authProvider) {
        if (!(authProvider instanceof OAuth2Auth) || ((OAuth2Auth) authProvider).getFlowType() == OAuth2FlowType.AUTH_CODE) {
            return authProvider;
        }
        throw new IllegalArgumentException("OAuth2Auth + Bearer Auth requires OAuth2 AUTH_CODE flow");
    }

    public AuthHandler addAuthority(String str) {
        this.scopes.add(str);
        return this;
    }

    public AuthHandler addAuthorities(Set<String> set) {
        this.scopes.addAll(set);
        return this;
    }

    public void handle(RoutingContext routingContext) {
        if (routingContext.user() != null) {
            routingContext.next();
            return;
        }
        if (routingContext.request().headers().get(HttpHeaders.AUTHORIZATION) != null) {
            super.handle(routingContext);
        } else {
            routingContext.next();
        }
    }

    public void parseCredentials(RoutingContext routingContext, Handler<AsyncResult<JsonObject>> handler) {
        parseAuthorization(routingContext, true, asyncResult -> {
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            String str = (String) asyncResult.result();
            if (str == null) {
                routingContext.next();
            } else {
                this.authProvider.decodeToken(str, asyncResult -> {
                    if (asyncResult.failed()) {
                        handler.handle(Future.failedFuture(new HttpStatusException(401, asyncResult.cause().getMessage())));
                    } else {
                        routingContext.setUser((User) asyncResult.result());
                        handler.handle(Future.succeededFuture());
                    }
                });
            }
        });
    }
}
